公共目录

您目前的位置: 首页» 公共目录» 学术活动

学术讲座:Critical Path Identification and Analysis for Smart Contracts

      题: Critical Path Identification and Analysis for Smart Contracts

  人:Zijiang Yang 杨子江 教授 (西密歇根大学)
      间:2018620日,周三上午8:30

      点:信息工程学院二层小会议室

   位: 首都师范大学信息工程学院

个人简介:

Zijiang Yang is a professor of Computer Science at Western Michigan University. His research is in the broad areas of software engineering. He has published over eighty conference and journal papers with about 1/3 ranked in CCF category A. He received his Ph.D. from the University of Pennsylvania, M.S. from Rice University, and B.S. from the University of Science and Technology of China, all in computer science. He is a recipient of the 2018 ACM SIGSOFT Distinguished Paper Award (ICSE best paper award), 2016 Google CS Engagement Award and 2008 ACM TODAES best paper award. He is the general chair of the 12th IEEE Conference on Software Testing, Validation and Verification (ICST). 

 

研究内容摘要:

Smart contracts built on top of the blockchain technology provides a platform for automatically executing contracts in an anonymous, distributed, and trusted way. The technology claims to have the potential to revolutionize many industries. However, smart contracts have become a magnate for cyberattacks and millions of dollars were stolen.  In the first part of the talk, we present a symbolic execution based approach  that automatically identify a small number of critical program paths that may have vulnerabilities.  Our approach has been implemented in a tool called sCompile, which has been applied to  more than 10,000 smart contracts. The experiment results show that sCompile is efficient, i.e., it spends 6.58 seconds on average to analyze a smart contract. Furthermore, we show that many known vulnerability can be captured if the user inspects as few as the top 5 program paths generated by sCompile. Using sCompile, we identify 92 previously unknown vulnerabilities.